Commit Graph

529 Commits

Author SHA1 Message Date
Todd C. Miller
83fc02bc97 Rototill code to determine the tty. For Linux, we now look up the
tty device in /proc/pid/stat instead of trying to open /proc/pid/fd/[0-2].
The sudo_ttyname_dev() function maps the given device number to a
string.  On BSD, we can use devname().  On Solaris, _ttyname_dev()
does what we want.
TODO: write /dev/ traversal code for the generic sudo_ttyname_dev().
2012-04-11 14:48:08 -04:00
Todd C. Miller
11f13be0dd Check for SVR4-style struct psinfo.pr_ttydev and use that to determine
the tty if std{in,out,err} are not ttys.
2012-04-10 15:53:41 -04:00
Todd C. Miller
0d108287b9 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
glob() and fnmatch() results to be consistent.
2012-04-08 18:00:31 -04:00
Todd C. Miller
9ceea5cb7b Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers
to sudo_noexec.c.
2012-03-30 09:36:30 -04:00
Todd C. Miller
8393ec0501 Fix building the builtin zlib from a build dir.
When a zlib dir was specified, prepend its include path instead of
appending so we get the right zlib headers.
2012-03-29 10:32:29 -04:00
Todd C. Miller
9cd65dafc6 Add check for pam_getenvlist() 2012-03-14 20:55:11 -04:00
Todd C. Miller
ed774f2b13 Bump version to 1.8.5 2012-03-14 14:17:44 -04:00
Todd C. Miller
37770ecf1e Initial cut at a hooks implementation. The plugin can register
hooks for getenv, putenv, setenv and unsetenv.  This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
2012-03-07 16:35:42 -05:00
Todd C. Miller
06e390a566 Add check for variadic macro support in cpp. 2012-03-01 13:05:03 -05:00
Todd C. Miller
966fa83a9a Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
of OpenBSD that have KERN_PROC2 but not KERN_PROC.
2012-02-28 10:33:16 -05:00
Todd C. Miller
22f4f10a3a Check for LD_PRELOAD variants in configure instead of checking cpp
symbols.  In disable_execute(), compute the length of the new envp
and allocate it once instead of reallocating on demand.  Also append
old value of LD_PRELOAD (if any) to the new value.
2012-02-21 13:26:02 -05:00
Todd C. Miller
054e448081 Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS 2012-02-10 14:28:10 -05:00
Todd C. Miller
8c1d8a7b15 Make a copy of the struct passwd in exec_setup() to make sure nothing
in the policy init modifies it.
2012-02-06 10:56:39 -05:00
Todd C. Miller
f1fef17d83 Error out if user specified --with-pam but we can't find the headers
or library.  Also throw an error if the headers are present but the
library is not and vice versa.
2012-02-01 11:27:50 -05:00
Todd C. Miller
c894f802d3 Verify that we can link executables built with -D_FORTIFY_SOURCE
before using it.
2012-01-30 14:09:17 -05:00
Todd C. Miller
7908621ba0 Add rudimentary check for _FORTIFY_SOURCE support by checking for
__sprintf_chk, one of the functions used by gcc to support it.
2012-01-30 10:09:23 -05:00
Todd C. Miller
da6fe1230f Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. 2012-01-30 09:28:11 -05:00
Todd C. Miller
e852bf4374 Add custom version of AC_CHECK_LIB that uses the extra libs in the
cache value name.  With this we no longer need to rely on a modified
version of autoconf.
2012-01-20 10:28:56 -05:00
Todd C. Miller
d337a532ac Better handling of network functions that need -lsocket -lnsl 2012-01-19 14:19:37 -05:00
Todd C. Miller
8e3691c38e Remove "WARNING: unable to find foo() trying -lsocket -lnsl" 2012-01-19 11:09:22 -05:00
Todd C. Miller
7747b481dd Fix sh warning; use "test" instead of "[" 2012-01-17 13:07:35 -05:00
Todd C. Miller
40badb50e6 Only run compat regress tests on compat objects we actually build.
Fixes "make check" in the compat dir for systems that don't implement
character classes in fnmatch() or glob().  Bug #531
2012-01-16 10:40:11 -05:00
Todd C. Miller
760cdb00d8 Remove obsolete template for HAVE_TIMESPEC 2012-01-12 13:25:04 -05:00
Todd C. Miller
528258aff5 Add support for determining tty via sysctl on other BSD variants. 2012-01-10 16:49:24 -05:00
Todd C. Miller
5c59576eac Only check for struct kinfo_proc.ki_tdev on systems that support sysctl. 2012-01-10 13:02:55 -05:00
Todd C. Miller
974e50dcf0 On newer FreeBSD we can get the parent's tty name via sysctl(). 2012-01-09 16:08:58 -05:00
Todd C. Miller
b1882a7945 More complete test for getaddrinfo() that doesn't rely on the network
libraries already being added to LIBS.
2012-01-07 12:22:43 -05:00
Todd C. Miller
c1a9cc9ab1 Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. 2012-01-06 20:02:12 -05:00
Todd C. Miller
241b1db873 Add --enable-kerb5-instance configure option to allow people using
Kerberos V authentication to use a custom instance.  Adapted from
a diff by Michael E Burr.
2012-01-05 15:39:05 -05:00
Todd C. Miller
a24d86b32c When running a login shell with a login_class specified, use
LOGIN_SETENV instead of rolling our own login.conf setenv support
since FreeBSD's login.conf has more than just setenv capabilities.
This requires us to swap the plugin-provided envp for the global
environ before calling setusercontext() and then stash the resulting
environ pointer back into the command details, which is kind of a
hack.
2011-12-08 17:17:25 -05:00
Todd C. Miller
edd32aa8df Mention how to configure pam_hpsec on HP-UX to play nicely with sudo. 2011-12-08 09:10:07 -05:00
Todd C. Miller
9f0abb4692 Add support for setenv entries in login.conf. We can't use LOGIN_SETENV
since the plugin sets up the envp the command is executed with.
Also regen the Makefile.in files while here.  Fixes bug #527
2011-12-05 10:43:44 -05:00
Todd C. Miller
38a4990e4a Add getaddrinfo() for those without it, written by Russ Allbery 2011-12-02 17:28:50 -05:00
Todd C. Miller
01147eda3a Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" 2011-12-02 13:43:02 -05:00
Todd C. Miller
21a2f95821 Use stdbool.h instead of rolling our own TRUE/FALSE macros. 2011-12-02 11:27:33 -05:00
Todd C. Miller
86c86183ab Add stdbool.h for systems without it. 2011-12-01 13:49:46 -05:00
Todd C. Miller
e54fc4eb34 No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
includes have unistd.h in them.  Add check for socklen_t for upcoming
getaddrinfo compat.
2011-12-01 11:27:57 -05:00
Todd C. Miller
51e45647ae Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
2011-12-01 11:07:17 -05:00
Todd C. Miller
1b9f2cdbc6 Do multiple expansion when expanding paths to the noexec file, sesh
and the plugin directory.  Adapted from a diff by Mike Frysinger
2011-11-22 14:53:47 -05:00
Todd C. Miller
b27eeb41b2 Update to libtool 2.4.2 2011-11-21 12:24:32 -05:00
Todd C. Miller
19c98b62bf Don't error out if the user specified --disable-shared 2011-11-13 21:24:02 -05:00
Todd C. Miller
5c29710f35 Remove obsolete securid auth method. 2011-11-13 11:54:06 -05:00
Todd C. Miller
c86561e502 Remove the old Kerberos IV support 2011-11-13 09:12:43 -05:00
Todd C. Miller
749a7695d0 Add checks for __func__ and __FUNCTION__ and mention that we now
require a cpp that supports variadic macros.
2011-10-22 14:20:52 -04:00
Todd C. Miller
8ef560b85c Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need non-PIC
objects to build the executables.
2011-10-12 08:24:13 -04:00
Todd C. Miller
4724e313e0 FreeBSD has libutil.h not util.h 2011-09-21 09:52:33 -04:00
Todd C. Miller
441abee4e8 Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD 2011-09-21 09:46:52 -04:00
Todd C. Miller
647e087cd3 Fix some square brackets in case statements that needed to be doubled
up.  While here, use $OSMAJOR when it makes sense.
2011-09-16 13:05:21 -04:00
Todd C. Miller
523492af52 Error message if user tries --with-CC 2011-09-16 09:04:58 -04:00
Todd C. Miller
ba331ebfb6 Check for -libmldap too when looking for ldap libs, which is the
Tivoli Directory Server client library.
2011-09-16 09:04:27 -04:00